diff --git a/scripts/local/config/nginx.conf b/scripts/local/config/nginx.conf new file mode 100644 index 0000000..54cd1bd --- /dev/null +++ b/scripts/local/config/nginx.conf @@ -0,0 +1,136 @@ +# Copyright (c) Microsoft. All rights reserved. + +# TODO: verify whether the resolver/DNS works (or has no impact) when running with Kubernetes +# TODO: remove logs or move outside of the container + +daemon off; +worker_processes 1; +error_log /app/logs/error.log; +pid /app/logs/nginx.pid; +worker_rlimit_nofile 131072; + +events { + worker_connections 1024; +} + +http { + # Required so that nginx can resolve IPs when working with Docker Compose + resolver 127.0.0.11 ipv6=off; + + include /etc/nginx/mime.types; + default_type text/plain; + + index index.html index.htm; + + log_format upstreaminfo '$remote_addr - ' + '[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ' + '$request_length $request_time $upstream_addr $upstream_response_length $upstream_response_time $upstream_status'; + + access_log /app/logs/access.log upstreaminfo; + error_log /app/logs/error.log; + + server { + listen 80; + server_name reverseproxy 127.0.0.1; + + # Disable caching behavior for now + # TODO: enable cache for static content later + add_header Cache-Control "no-cache"; + expires 0; + + # when serving any content, include a X-Content-Type-Options: nosniff + # header along with the Content-Type: header, to disable content-type + # sniffing on some browsers. + add_header X-Content-Type-Options "nosniff" always; + + # Don't allow the browser to render the page inside a frame/iframe + # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking + # If you need [i]frames, use SAMEORIGIN or set an uri with ALLOW-FROM uri + # See https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options + add_header X-Frame-Options SAMEORIGIN always; + + set $webui_endpoint "http://webui:80"; + set $auth_endpoint "http://auth:9001"; + set $iothubmanager_endpoint "http://iothubmanager:9002"; + set $devicesimulation_endpoint "http://devicesimulation:9003"; + set $telemetry_endpoint "http://telemetry:9004"; + set $config_endpoint "http://config:9005"; + + location / { + proxy_pass $webui_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + + location /auth/ { + rewrite /auth/(.*) /$1 break; + proxy_pass $auth_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + + location /iothubmanager/ { + rewrite /iothubmanager/(.*) /$1 break; + proxy_pass $iothubmanager_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + + location /devicesimulation/ { + rewrite /devicesimulation/(.*) /$1 break; + proxy_pass $devicesimulation_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + + location /telemetry/ { + rewrite /telemetry/(.*) /$1 break; + proxy_pass $telemetry_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + + location /config/ { + rewrite /config/(.*) /$1 break; + proxy_pass $config_endpoint; + proxy_pass_header Authorization; + # TODO ~devis: remove - https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11 + # Public preview only: used to distinguish internal/external traffic + proxy_set_header X-Source external; + proxy_buffering off; + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_redirect off; + } + } +}